Support the firm's security assessment and compliance program by providing expertise in a variety of areas, including security risk assessment, security test and evaluation, development of secure systems and networks, system auditing, vulnerability management, assessment and authorization (A&A), system analysis, and system hardening. Assist system owners, system developers, and system project managers with comprehending their system's security requirements in accordance with applicable laws and regulations and choosing the most appropriate compensating security controls. Conduct security assessments and make accurate evaluations of the level of security required based on risk determinations. Create customized risk assessment packages. Coordinate with ISSOs and system owners to remediate findings resulting from both internal and external audits. Weigh business needs against security concerns and articulate issues to management.

Basic Qualifications:

- 5+ years of experience with varied information security fields, including risk management, certification and accreditation, identity and access management, and security testing

- 3+ years of experience with performing A&As for information systems and writing system security plans

- Experience with implementing ISO27000 or NIST IT publications and guidelines, including SP 800-series, FIPS 199, and OMB regulations and FISMA

- Experience with assessing against DFARS and 800-171 and Sarbanes-Oxley (SOX) audit requirements and processes and determining systems, network, or infrastructure security requirements and controls against various industry guidance and best practices

- Experience with security control implementation using tools for penetration testing, vulnerability assessment scans, and federal security standards, including FISMA, NIST, DHS, and DIACAP assessment and implementation